Professional Documents
Culture Documents
Network Admin Guide Version2.2
Network Admin Guide Version2.2
Network Admin Guide Version2.2
First published for Skype for Windows version 3.0 (Dec 2006)
www.skype.biz
This guide provides information to help you understand how to manage Skype in the
context of an enterprise environment.
Our goal is to enable users to enjoy Skype from as wide a variety of networks as possible,
without requiring people to understand or configure complex options such as relay hosts or
preferred network ports. In this sense, Skype is generally ‘hands-off”.
The authentic and most up-to-date version of Skype is always available directly from
Skype’s own download server at http://www.skype.com/download. From here there is a
business version available which includes the Windows Installer (MSI).
Once installed, the Skype client periodically checks to see if there is a software update
available, although system- or network administrators may disable this feature. And end
users can adjust their Skype client preferences to control how updates and patches are
handled in general.
General Guidelines
Skype wants end users and enterprises alike to have a safe and enjoyable experience using
Skype to enable communications. Toward this end, we would like to underscore the
importance of keeping your company’s computers and users safe and secure while doing
so. Here are some of the main issues to be aware of:
• Before you deploy Skype in an organization, be sure it is an authentic copy. Check the
digital signature of the installer and be sure to read and accept the terms and conditions
in Skype’s End User License Agreement and Terms of Service before deploying Skype
software.
• Keep your organization’s computers up-to-date with relevant patches. Most of the
computer security problems on the Internet today can be traced back to improperly
patched computers.
such as the Apple Macintosh, and keep the virus definitions constantly updated.
• When you use Skype, know who you’re authorizing and don’t hesitate to block users
who are making unwanted contact. Keep user profiles up-to-date, but also know that
everything in a user’s profile (except e-mail addresses which are masked for privacy) are
viewable to others whose search criteria matches the information in the profile. The
Privacy Policy at http://www.skype.com/legal/privacy sets out how Skype may use end
user’s personal data, traffic data and the content contained in communication(s). You
should ensure that end users have read and agree to this policy before using Skype.
• Always authenticate other parties before beginning to discuss any confidential business
or sensitive personal information. Remember that although Skype takes care to protect
communications from unwanted disclosure, there is the remote possibility that your
computer, or those belonging to persons with whom you are communicating have been
“hacked” or compromised in some way.
• Instruct your users to choose good passwords for Skype and change them regularly.
Remember, users should never check “remember my password” when using Skype on a
shared computer.
• Without launching the Skype client, a user may open the Windows Control Panel and
double-click on Add or Remove Programs. Then, the user can find the entry for Skype
and click on the entry labeled, “Click here for support information.” Follow the
hyperlink on the line entitled, “Product Updates” which launches the default web
browser and indicates whether the installed version is up-to-date.
Skype recognizes the challenges that enterprises and other organizations face with respect
to managing sophisticated IT environments, as well as the complexity related to managing
all of the different software applications and hardware in use today.
Therefore, we have released a ‘business version’ of the Skype client, which comes with a
Windows Installer Package (MSI) making it easier to deploy in an enterprise network.
You can download the business version at www.skype.com/go/businessdownload
Also, setting policies via Group Policy Objects and registry keys is now supported by
Skype, please read on for more information.
Our goal is to enable system and network administrators by making it easier and by
improving control over the enterprise-wide deployment and management of Skype.
Policies
The Skype client adheres to the precedence of managed settings in order of the following
priority:
1. HKLM Registry Keys (highest precedence)
2. HKCU Registry Keys
3. shared and config.xml Skype client settings
4. Skype client user preferences and defaults (lowest precedence)
Windows Registry
The Skype client has end user interface controls and/or functions for many of the features
over which an enterprise might want to control. Some of the more technical and network-
related features and configuration options are only accessible via the registry.
This is because enterprises that require such functionality generally have systems in place
for centrally managing users' registries, and registry access control to ensure that users
can't circumvent such settings.
Note: Proper XML syntax and format (closing, opening tags, etc.) is required. Otherwise,
changes will not apply or the configuration will be lost if Skype is not running.
Note: You can download Skype-v1.5.adm from the Business section of the Skype
website (http://www.skype.com/security/Skype-v1.5.adm) to configure Skype policies using
Group Policy Editor.
Registry-based policy settings appear and may be configured in the Group Policy Object
Editor, which is under the Administrative Templates node.
The Skype-v1.5.adm file does not actually apply policy settings. Instead, it simply enables
you to see the policy settings in the Group Policy Object Editor. From there, you can create
Group Policy objects (GPOs) that contain the policy settings which you want.
For more information on how to deliver and apply group policies, refer to:
• Open Group Policy as an MMC snap-in
http://technet2.microsoft.com/WindowsServer/en/library/ae13960b-3a27-4b19-a866-
ed6e6e7a312d1033.mspx?mfr=true
Configurable Policies
Following is the list of configurable policies that apply to Skype for Windows (version 3.0
and above):
Skype Non-functional
Capabilities
DisableApiPolicy Disable Skype Public API to prevent third-
party applications from accessing Skype
functionality.
DisableVersionCheckPolicy Disable new version checking by preventing
Skype from detecting new versions and
updates.
MemoryOnlyPolicy Run in memory-only mode so Skype does
not store any data on the local disk.
Network-related Functionality
ListenPortPolicy Set the listening port where Skype listens for
incoming connections.
ListenPort Listening port number.
ListenHTTPPortsPolicy When enabled, listen on HTTP (port 80) and
HTTPS (port 443) ports; when disabled,
don't listen on HTTP/HTTPS ports; when not
configured, let the user decide.
DisableTCPListenPolicy Disable listening for TCP connections to
prevent the Skype client from receiving
incoming TCP connections.
DisableUDPPolicy Disable UDP communications to prevent the
Skype client from using UDP to
communicate with the network.
DisableSupernodePolicy Prevent the Skype client from becoming a
supernode.
ProxyPolicy Establish the proxy policy.
ProxyType Establish the proxy type.
ProxyUnset Unset
ProxyAutomatic Automatic
ProxyDisabled Disabled
ProxyUnset Unset
ProxyHTTPS HTTPS
ProxySOCKS5 SOCKS5
ProxyAddress Proxy address (host:port)
ProxyUsername Username
ProxyPassword Password
Registry Keys
Following is the list of registry keys that apply to the Skype for Windows (version 3.0 and above):
HKEY_LOCAL_MACHINE (HKLM)
The registry keys for the local machine take precedence over the registry
keys for the local user if there is a conflict.
HKEY_CURRENT_USER (HKCU)
The registry keys for the current user take precedence over the
configuration parameters in the XML configuration files if there is a
conflict.